Because of Autofill support for Two-factor authentication. Sticky helps you to autofill auth code you get via SMS. For example, if you have enabled SMS auth for your bank account and you are trying to login, you can just paste the code to the appropriate field. It works for common services like Dropbox, Google, banks etc.

Sound reasonable enough, and the Sticky team already have my trust, but even though you've already proven to be a prolific and helpful user, I miss an official statement, simply because this is a major change of permissions that should not be taken lightly by anyone.
Could you please direct me to the page you've read this information you provided?

Kind regards
Sam Ferdinand

pavelkrcma wrote:Because of Autofill support for Two-factor authentication. Sticky helps you to autofill auth code you get via SMS. For example, if you have enabled SMS auth for your bank account and you are trying to login, you can just paste the code to the appropriate field. It works for common services like Dropbox, Google, banks etc.

we prepare a FAQ with explanation why each permission is required. It makes sense to have it on one place.

I suggest adding explaining how permissions work, and what each type does, complete with examples for what each permissions type means so we can understand what each permissions type means as we understand why an app is requesting it when install or update.

we will place the list of permissions to FAQ shortly. Please find it below:

com.android.vending.BILLING
Allows application to use in-app purchase in order to extend the service

android.permission.SYSTEM_ALERT_WINDOW
Allows an application to open windows using the type TYPE_SYSTEM_ALERT,
shown on top of all other applications. This permission is used to display
messages and notifications, i.e. floating window or synchronization status.

android.permission.GET_ACCOUNTS
Allows access to the list of accounts in the Accounts Service.

android.permission.INTERNET
Allows applications to open network sockets. It allows to communicate with
the backend and use StickyBrowser.

android.permission.ACCESS_NETWORK_STATE
Allows applications to access information about networks. StickyPassword
uses it to check if synchronization could be run.

android.permission.READ_EXTERNAL_STORAGE
Allows an application to read from external storage. StickyPassword stores
data at the external storage.

android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to write to external storage. StickyPassword stores
data at the external storage.

com.android.browser.permission.READ_HISTORY_BOOKMARKS
Allows an application to read (but not write) the user's browsing history
and bookmarks. StickyPassword uses it in case of import from default
browser.

com.android.launcher.permission.INSTALL_SHORTCUT
Allows an application to install a shortcut in Launcher. User can create
StickyBrowser shortcut from the StickyBrowser menu.

com.android.launcher.permission.UNINSTALL_SHORTCUT
Allows an application to uninstall a shortcut in Launcher. User can remove
StickyBrowser shortcut from the StickyBrowser menu.

android.permission.GET_TASKS
Allows an application to get information about the currently or recently
running tasks.

android.permission.RECEIVE_SMS
Allows an application to monitor incoming SMS messages, to record or perform
processing on them. This permission is used for autofill engine in case of
two-factor authentication on websites.

android.permission.BIND_ACCESSIBILITY_SERVICE
Must be required by an AccessibilityService, to ensure that only the system
can bind to it. This permission is used for the autofill engine.

android.permission.RECORD_AUDIO
Allows an application to record audio. This permission is used by voice
recognition authentication mechanism.